hxxp://confirmar-validacion-msn[.]weebly[.]com

Analysis

max time kernel
208s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2024 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://confirmar-validacion-msn.weebly.com

Score

10^/10

microsoft discovery phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook
Detected potential entity reuse from brand microsoft.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
4220	msedge.exe
4220	msedge.exe
5044	identity_helper.exe
5044	identity_helper.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 1752	4220	msedge.exe	82
PID 4220 wrote to memory of 1752	4220	msedge.exe	82
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 4756	4220	msedge.exe	83
PID 4220 wrote to memory of 2292	4220	msedge.exe	84
PID 4220 wrote to memory of 2292	4220	msedge.exe	84
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85
PID 4220 wrote to memory of 460	4220	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://confirmar-validacion-msn.weebly.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfad146f8,0x7ffdfad14708,0x7ffdfad14718
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5600 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15917159288747879039,2145656508332621140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\065660f1-51b5-4b92-9749-c53bf12f7a2e.tmp

Filesize
10KB

MD5
1a71ae818e10a025cc1b799bdf01c69c

SHA1
5d726a366b77aed1abb6e94607bf12fb0b157644

SHA256
9674ffb41c9c2153415941d5bd235c4269b219a7deaec04f15642bd7841da047

SHA512
a0c21e7e30d9faca078df1f115f46e8d5afc1967012cfa59368ba49dde8824705ddc77b379e631eeb6028c04dfb8218a72a84116c7997c09d54173f3bde759f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\07394995-43d3-4501-9ba4-0f8e6653190e.tmp

Filesize
7KB

MD5
7328d5c310e0515c6d4ed250c6c79d27

SHA1
64806d0ac59397d8db3d0a22d9a4c66eb4dad5f8

SHA256
44fff96ca520c4d5b091c222f2138f88c3c7325a713dae8ade94c599d4f853c7

SHA512
d390000d63da0c914073694e1dd5bfffa36e09aa7edd9e427e36e4d97515c920b74fe6d7aa42e6fa8e5207ddb5e3d786269117e22ae182efae508e20b31c2e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
8245399f125cd568bdb6296a00c50397

SHA1
1f16003f67bcfa71df66be765308fc4d9064f9ec

SHA256
9ed5656657fcd81cc7a31248826e7dc0c0ff6744de4a1691f8b75fefaabb1084

SHA512
27cda2a16eb049a4dbf4c546f615647c7306c55ee85e6662137b1f5ae5af274e79c0ae77a13ba6d54bef47a66883f347b85e2df79138c2bc7e36285b363a87c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d0ea57e76e75d441e77a7f727d16f09d

SHA1
d429deab2a6de78a9400b99a070682c066a5a0cb

SHA256
4e8c635697cc2afa9384b08947a6b5ea35e1d33d7f866d3d5086c8141f8d0671

SHA512
19da234718119b2261ab17e1e7c8cefef27b8e039fdb1877ae32dcdd6cccadda9216d96157a55a03f29295ee7fe0d0c6388a7e331a8b9dfc18a3e70ae8773f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7451172a55f15ee18b375ac190e9b0d5

SHA1
bb36cbe5499c49189e415d507210bc6c74b3347a

SHA256
d97c153c8130902784f7b3e9182cd0483dceaa7a53784d6edd7b0add1565e417

SHA512
91c2f897f8b554a4df83bd1eb2ac4fe4e5ac08bac32de6e1210c3718a0889fed39d5f7c72d3ebd8b954b5bc1eefcd9382a09990e662a7c594b568215b6876690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
17e6783f19fbdcb5fbc5315bf6942d5f

SHA1
c32d99741be019fb058368343f44084dc2a953f4

SHA256
fcf7bf1e17c8e0200bd8178ffed4aa6814fc83c2cefa7ff18350596d45555c4f

SHA512
585b7396060887e8a69cdd7d228ca5b5947fe1cc22e17d9e92f707efe640093fc64d8c400e7d1100397b3d9c27d6c6361eaf41441ee065776acd2e8626a899d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3947c4d1211cb88ed0df13fb47eeb11

SHA1
4e209c3891ddd79b4c09aeac12ef9ec8e69a0664

SHA256
8c6a6c4c40d92e2b9b2394da0de7595a87063089af9b3bf10181c440422e33d7

SHA512
5038e460772f5de201db7387531c2a5756d9b973c49b003d4c7dde039be2496bff1cc0c3cd424afe8e750f68e1b071d03b374b7e93e035f0f334d564086adcca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7cf9580f4522187de70bc9be815fb59

SHA1
ec477dd6a7705ede416bb318e349a2a2590463ba

SHA256
d2ccad50d1bc1808818dad560f3b729ed323cef3909ad1a4152f17a276ec5958

SHA512
48905eeba1af8ce27d2bcef204d2b0930ae816a7e1e41b885212cdfff2345c0b32d2ba3e721ba3d30b1d25a53689910c0874c82a286b01acd11cc350c1635969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a14820630280c7df514f1350360be5c6

SHA1
3671f1aa48d03d4383e964b68237ed31e19accd8

SHA256
2cb4b1368eb844d775a3e594e81609062037171c780a2dc8f3d31a0e6889b240

SHA512
a53eeaea5e9def85fef94b07a53c679a1677cd9ffb3ebc7fb21319deba1aec745f525ece11801a11535b1b90f5b4d8b2c0baf92ce4178a2610db9a8fa26cd54d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e06e6a9a540c27de54979f84e05b6c13

SHA1
69222807a5affd41484533fa52b9d51a17dc87c1

SHA256
9bd2f4b35868a1753fa4bd38a2111e12213ce5118049fe86fefa1d7e0e4a34a2

SHA512
747536cfbfb062bf78f88e0e4c586e15da8687001230818d8f9744b0c42fade2a2fe368228449a6cd76085205fa976bd6f6a7605866e3a4222705ced349c8336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e99e688ed582535d41ede324c6666a48

SHA1
b6f5fc857c332c5e32428fb4a5af788203123ba0

SHA256
f287f44f5df2f2d931c208e4c80f45875f6816619c6289100f8b69434e77fd09

SHA512
fb2a55394da3c7bb4d829cc39ecbb9ba596f5af34c40f25af1f0a86d2f3871709ce080788d9c37d28ce89d2b8ff7c7aa731510b71bd9298e28423478e8f0ff25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
4ad51a673a663b085fed2d00824a1e10

SHA1
2856161a5bfc2b890e8ac2695c775672ee68f758

SHA256
73e10c63aa2bc4f8018f58467ef2f27b4e44cb1ed2a732518595a347f95b4e1d

SHA512
7ff52a1f9e89932bc8e0e99225e0e18c8e406bd53c0ae202fbc9b87d0feb8b6df6011f64d7f290b55c316fbd8c482f46f1529add3a48b6392397c6521a73e888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e288194c941c4c023dcdd557023f2c92

SHA1
56d6364eb32a13f0c8e7f3f2b24a8a6c09f33c07

SHA256
34a1eb1184a78b612330d8bda5e7d5e87652ba28d2e23d16fe64f9f7bc9a6373

SHA512
829c7dbe5e30b14e994bef2d76c6add36ca9bf842f4be0fd1d23fe8e0cc989583a4ff4d88e6baef555c73eb25de25d4992c3492c6722eebc00cbceacaa7bc46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f448789febb6f74e39bd537bc338a06b

SHA1
6442930e49bde8940056205d0943f72f2314c998

SHA256
a0ba53a1485eb97e9d451a8418f62f00ffe68ed63bbbb7e91dbb277e071d11d5

SHA512
df134d1e3d9aca8aca280f96ee5b184eeace659dc12b67e2421de21732c5a2ee8a4b0e74b569a5f4709c633fd34062fb25ffc246c1f1564c0f123d57aaab7dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58aff2.TMP

Filesize
370B

MD5
69f32b29cd85eed11bdec57f39fc8165

SHA1
3f84bb2da5a7176e890701eb4608ed8ef28ee5ae

SHA256
d574671deb7208fa76ed4655bafa12e14a810a7a023b9def35a1693ab7243a5b

SHA512
c634e6e613cca61413c52b3a60f44cd5f493a98b53240eb59e1dc5c494537029cd4e30258d6b5c09e2bcf54e85da09f3332dc169a8e1a8f1d6371c3e5879304e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f5d838a1f894b1f2eff0956d44c5a5e4

SHA1
a946e3b382af3e9bcf8e9d02742b75cf78a044ed

SHA256
adaf55e7b172d3ab111c7c7c920126c111ecbd90d1f5b63fa20b16ce5c3ed51b

SHA512
859625eeec08a1fea4304052899beeb36cbdc0bc942e4d17d11ec2087c6911b0ef4e5dd4350c408191a79df859045b0b19cb10d0171319bc723f1fb48d67388f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
afd6b93475fc353e437ce7966f9d8b8d

SHA1
ed55edbb338a5b01d49a6964ab22c1f0a4f10aab

SHA256
31840c701c45fe131074d36edea8516ecda484f5751cdf466dc9831480274dd3

SHA512
cbe9ce4efb6bff834a3b1a5aa445f4eef50e9bfb29cb433f91c213c1f6acdf1697c18d1486addd678174df6e9c02610a063d88973e564c6d0f80565f3d590765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4917e2f9ac0e24e9970780594bf6e1ca

SHA1
8600907db92723621ca6126a206102eb70f7ad44

SHA256
651b94c6792caf8fb5e6319872ab8f2b2cfae4cb7da3a60ad210c766c07565f5

SHA512
ef83eae2d758ae43722c87ef37a719215b15d362e91730058b8ac39ba4176e503efb695fb864d1feefc031f021d8e602c26b830e396741c4d69feca41162e115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f0791834-c4f0-4ffa-8321-8bee89ffdb79.tmp

Filesize
10KB

MD5
58e5124b2995c85cc8f9dd18f6e63000

SHA1
34dd2f6ec0166f6be864f494121834da22d80458

SHA256
b3e33352eaa6c6fea9c318937cd4db2b276270fb0764fb309f78e498b868e80c

SHA512
4378c8afe99907cfb118566811307a18e813acee43e933d787d591770c5eaa358980055382f9b5fb39136a884ba352a29c8cd12126caf332e8eb04426f4f77a0

Download Submit